From e18e5b3d2559f5f0395ffe79416cdca3abc89310 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 14 Feb 2021 16:01:15 +0000 Subject: Start restructuring for Pelican --- markdown/DisasterRecovery.md | 45 -------------------------------------------- 1 file changed, 45 deletions(-) delete mode 100644 markdown/DisasterRecovery.md (limited to 'markdown/DisasterRecovery.md') diff --git a/markdown/DisasterRecovery.md b/markdown/DisasterRecovery.md deleted file mode 100644 index 9c0e56f..0000000 --- a/markdown/DisasterRecovery.md +++ /dev/null @@ -1,45 +0,0 @@ -# Disaster Recovery - -This page covers a few likely (hopefully unlikely) oh-noes. - -## Oh no, I bricked my device - -### Recovering from a bad firmware install - -You can upload new firmware through the bootloader. On power-up or reset, -the bootloader flashes the blue LED for 10 seconds. During that time, start -`cryptech_upload`: - -``` -$ cryptech_upload --firmware --user wheel -PIN: -``` - -### Recovering from a bad bootloader install - -Well, now you've done it. You'll need to buy an ST-LINK programmer. -See [wiki:UsingSTLink]. - -## Oh no, I'm locked out of my device - -If you're staring at this thing for the first time, or if you ran -`keystore erase`, then you have no PIN. Believe it or not, this is the -best case scenario. Log in as wheel with the default PIN -`YouReallyNeedToChangeThisPINRightNowWeAreNotKidding`, and you should be -able to reset the PINs. - -If you forgot the PIN, I feel sorry for you. The only way out of this is -via [wiki:UsingSTLink ST-LINK]. The easiest way is to debug with `gdb`, set a breakpoint on -`hal_rpc_login`, and issue the gdb command `return 0`. - -## Oh no, I forgot (or reset) the master key - -As shipped, the Alpha doesn't include a battery backup for the Master Key -Memory. So if power is interrupted, the MKM is wiped. (Also, if we had -tamper protection more sophisticated than a Panic Button, it would wipe -the MKM when you opened the case to install the ST-LINK cable.) - -Sorry, there's nothing that can be done about that. All your keys are -still in flash memory, but encrypted with the KEK, which is now gone. -(Unless you used the `masterkey unsecure set` command to store the KEK in -unprotected flash memory, but you wouldn't do that, would you?) -- cgit v1.2.3